Adobe products still full of security holes

Image via Wikipedia

Adobe security holes are just like No. 73 buses, you don’t have to wait long before another one comes along. Now it seems that Adobe Shockwave Player has a zero-day vulnerability which could potentially allow an attacker control of your computer.

This is unwelcome news to say the least, with millions of computer users having installed Shockwave Player. Of these, the majority will either be totally unaware of the issue and have poor security, or not sure about what to do. It doesn’t help that Adobe is notoriously slow in patching its products.

Adobe has acknowledged the hole affects Shockwave Player 11.5.8.612 and earlier versions on the Windows and Mac operating systems. This is after a researcher made the exploit code public. The security flaw means a hacker could theoretically take control of your computer, with all the implications that has for loss of personal data and your computer becoming a ‘zombie’ computer, spreading trojans and spam across the net to other computers.

So, if you have Adobe Shockwave Player installed on your computer you need to follow these steps:

1. Make sure you are using the very latest version as out of date versions are even more insecure, remaining unpatched for earlier vulnerabilities.

2. Make sure you are fully protected with anti-virus and anti-spyware software. Make sure too that it is fully up to date and that you regularly scan your computer for problems.

Of course, if you are a Mac user then you are less vulnerable but its best to be vigilant and never give permission for any process that you are not sure is genuine.

Related articles

• Adobe Shockwave bitten by code exeuction bug (go.theregister.com)
• Adobe Systems is warning users about a critical bug in Shockwave Player (robbiz1978.blogspot.com)
• Exploit published for unpatched Adobe Shockwave vulnerability (zdnet.com)
• Adobe Warns of Shockwave Bug (nytimes.com)
• Adobe warns of Shockwave bug (macworld.com)
• Critical security holes in Adobe Shockwave (zdnet.com)
• Week 42 in Review – 2010 (infosecevents.net)
• Adobe Warns of Shockwave Bug (pcworld.com)
• Reader, Acrobat Patches Plug 23 Security Holes (krebsonsecurity.com)
• Trusteer Finds Massive Internet Security Hole Remains Unpatched by Users (eon.businesswire.com)
• Adobe Patches Reader, Acrobat Security Holes (pcworld.com)
• Adobe races to patch zero-day vulnerability in Flash Player (sophos.com)
• Adobe Patches Security Holes in RoboHelp, InDesign (pcworld.com)

Phishing schemes targeting MobileMe users

Phishing schemes targeting MobileMe users

by Mel Martin (RSS feed) on Jan 13th, 2010(original article posted on TUAW)

Be very careful if you get an email from Apple telling you they need to re-check your credit card information. One of our readers got just such an email, and he didn’t fall for it. This particular rip-off comes from an ‘Apple-bills.com’ domain, which has nothing to do with Apple. They’ll be glad to take your credit card info, and give you a big surprise when you get your next billing statement. An Apple representative confirmed that the email is not from Apple.

They also suggest you send copies of the email and relevant details to spam@me.com if you get one. This isn’t the first time this scam has gone after MobileMe users. We reported on some MobileMe scams in May. In February another scam site was telling people their MobileMe renewal was not received and to do it again. Back in 2008, ComputerWorld reported on another phony scheme that fleeced about 200 MobileMe customers in a single day. It’s probably a good idea to not click on links in emails that ask for financial or credit card information, and it is easy to check with any vendor to see if the request is legitimate. If you ever have questions about a MobileMe renewal, you can go to: http://www.apple.com/support/mobileme/ and do a live chat with an Apple support agent.

Also, don’t update from an email. Log into your account and update there. Just before posting this I tried the link our reader sent. The first time I clicked I saw the fake Apple page. Now there is an error page there instead. Thanks to Asif for the tip. Tags: credit cards, fraud, MobileMe, phishing, scams, schemes, spam * Source * Email this * Share * Tweet this! * Comments (6) Filed under: Rumors, iPhone Rumor: Apple tablet said to be “iPhone on steroids” by Sang Tang (RSS feed) on Jan 13th, 2010 If there’s anything consistently consistent about the purported Apple tablet, it’s that it’s said to be, in essence, a larger iPhone. Expanding on this, Boy Genius Report cites its “close Apple contact” that claims the device is “an iPhone on steroids.”

Like its iPhone brethren, the tablet is said to sport an ARM processor, adding the caveat that the processor will be “incredibly fast.” Also according to the report, the tablet will support multi-touch gestures that are said to be “out of control.” Back in 2005, Apple acquired FingerWorks, a company that specialized in gesture-based computing. According to former Apple engineers, FingerWorks will have its footprint — er, fingerprints — on the purported tablet. The meat behind these potatoes is said to be the iPhone OS kernel. For this reason, there hasn’t been an updated build of the iPhone OS out of fears that tablet-related references in the code would leak.

Related articles by Zemanta

• Apple release free MobileMe Gallery iPhone app (downloadsquad.com)
• Technology Predictions for 2010 (livedigitally.com)
• The Tablet. Finely Tuned. (macstories.net)
• Remains of the Day: What’s Coming in Windows 7 SP1 Edition (lifehacker.com)
• Rumor: Tablet delays iPhone updates (tuaw.com)
• Rumor: Apple tablet said to be “iPhone on steroids” (tuaw.com)
• The Week In Gizmodoebook [Roundup] (gizmodo.com)

MacUser report SX/Jahlav-D infectin hiding in hacked Quicktime update

MacUser is reporting that a fake Quicktime installer has been identified. The installer package contains the . Previous versions of the trojan have been distributed in hacked copies of iWork and Photoshop, or have masqueraded as updates to Adobe’s Flash player and as plugins said to be necessary to watch web videos.

The potential infection serves again as a reminder not to install software unless it is comes from the developers’ own website, or in Apple’s case via Software Update, or from a trusted third-party site such as MacUpdate or Version Tracker.

Currently, installing hacked software is the only way to allow an infection onto a Mac. There is no self-propagating malware that kind find its way onto a system without the user’s help.

Original article by Simon Aughton. Visit the MacUser site here: http://www.macuser.co.uk/news/266320/mac-infection-masquerades-as-quicktime-update.html

Related articles by Zemanta

• Apple releases Security Update 2009-004 (tuaw.com)
• Apple goes on a bug bashing safari (daniweb.com)
• Apple Shoots Ad For New Product in California Diner (cultofmac.com)
• Safari 4.0.3 Released (livecrunch.com)

Java vulnerability in Mac OS X finally patched

It was a long time coming but we finally have a patch for the Java vulnerability in OS X. Apple has made the ptch available vi Software Update. Java for Mac OS X 10.4, Release 9 delivers improved reliability, security and compatibility for J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.4.11 and later. This release updates J2SE 5.0 to version 1.5.0_19 and J2SE 1.4.2 to version 1.4.2_21.

For more details on this update, please visit this website: http://support.apple.com/kb/HT3593

For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222